sdd-derive

Warn

Audited by Gen Agent Trust Hub on Apr 13, 2026

Risk Level: MEDIUM | COMMAND_EXECUTION | EXTERNAL_DOWNLOADS | CREDENTIALS_UNSAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to read .specs/.sdd/schema-config.yaml and run "configured extraction commands" defined within (Phase 3). This allows for the execution of arbitrary shell commands based on content within the project's local directory.
  • [EXTERNAL_DOWNLOADS]: The instructions suggest the installation of an external CLI tool code-review-graph using the command uv tool install code-review-graph (Phase 2).
  • [CREDENTIALS_UNSAFE]: The skill's codebase survey instructions (Phase 2) explicitly prompt the agent to find and read "Config or environment files," which commonly contain sensitive information like API keys or database credentials.
  • [DATA_EXFILTRATION]: While no explicit exfiltration destination is identified, the skill reads sensitive configuration files and provides a mechanism to execute arbitrary commands, which could be leveraged to send sensitive data to an external server.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 13, 2026, 12:44 PM